Bypass DNS settings

Hi, I work for a government office, specifically in the IT department, we have a Tp Link TL-WR840N, which has 192.168.18.1 as its ip address, I recently used NextDNS service to block social media websites on the network to avoid employees being unproductive and it works well, but there's a detail I need to talk about. When I open my network adapter settings on my computer and click on the properties tab and then type 8.8.8.8 on my primary dns and 8.8.4.4 as my secondary one, all the sites that I blocked using NextDNS service will open up and successfully access to them. I really don't like the idea that if some users on the network have administrator privileges on their computers can manipulate their network adapters and have the opportunity to insert other dns protocols so they can bypass this service. Any solution to this?

Best regards